authorDavid Hu <david.hu@arm.com>2021-05-14 17:03:14 +0800
committerDavid Hu <david.hu@arm.com>2021-06-02 05:00:40 +0200
commit611610c1527a1d46569b2126eaa6a396986e4623 (patch)
tree3fea30ee1c49fe47e8ca612973949e7c15b23624 /secure_fw
parent51546c2e8b6265838ccdc04053c528549592e804 (diff)
Attest: Remove initial attestation get public key API function
It is overkill to implement a dedicated secure function for NS to fetch the initial attestation public key just for test purposes. Besides, a function to get the public key can be confusing, as it is not defined in the PSA Initial Attestation API spec. Remove the get public key secure function from the NS and S sides to simplify the TF-M initial attestation implementation and interface.

Change-Id: I8d0967698e3d2f2c684194caa9a6234585026a71
Signed-off-by: David Hu <david.hu@arm.com>
Diffstat (limited to 'secure_fw')
-rw-r--r--secure_fw/partitions/initial_attestation/attest.h18
-rw-r--r--secure_fw/partitions/initial_attestation/attest_asymmetric_key.c30
-rw-r--r--secure_fw/partitions/initial_attestation/attest_core.c64
-rw-r--r--secure_fw/partitions/initial_attestation/attest_key.h19
-rw-r--r--secure_fw/partitions/initial_attestation/tfm_attest_req_mngr.c40
-rw-r--r--secure_fw/partitions/initial_attestation/tfm_attest_secure_api.c35
-rw-r--r--secure_fw/partitions/initial_attestation/tfm_initial_attestation.yaml17
7 files changed, 8 insertions, 215 deletions
diff --git a/secure_fw/partitions/initial_attestation/attest.h b/secure_fw/partitions/initial_attestation/attest.h
index 91252cb2e..3ee0f4245 100644
--- a/secure_fw/partitions/initial_attestation/attest.h
+++ b/secure_fw/partitions/initial_attestation/attest.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -109,22 +109,6 @@ psa_status_t
initial_attest_get_token_size(const psa_invec *in_vec, uint32_t num_invec,
psa_outvec *out_vec, uint32_t num_outvec);
-/**
- * \brief Get the initial attestation public key.
- *
- * \param[in] in_vec Pointer to in_vec array, which contains input data
- * to attestation service
- * \param[in] num_invec Number of elements in in_vec array
- * \param[out] out_vec Pointer to out_vec array, which contains pointer
- * where to store the output data
- * \param[in] num_outvec Number of elements in out_vec array
- *
- * \return Returns error code as specified in \ref psa_status_t
- */
-psa_status_t
-initial_attest_get_public_key(const psa_invec *in_vec, uint32_t num_invec,
- psa_outvec *out_vec, uint32_t num_outvec);
-
#ifdef __cplusplus
}
#endif
diff --git a/secure_fw/partitions/initial_attestation/attest_asymmetric_key.c b/secure_fw/partitions/initial_attestation/attest_asymmetric_key.c
index 54dc041fe..9c9bec07a 100644
--- a/secure_fw/partitions/initial_attestation/attest_asymmetric_key.c
+++ b/secure_fw/partitions/initial_attestation/attest_asymmetric_key.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
* Copyright (c) 2018-2019, Laurence Lundblade.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -144,24 +144,6 @@ attest_get_signing_key_handle(psa_key_handle_t *handle)
return PSA_ATTEST_ERR_SUCCESS;
}
-enum psa_attest_err_t
-attest_get_initial_attestation_public_key(uint8_t **public_key,
- size_t *public_key_len,
- psa_ecc_family_t *public_key_curve)
-{
-
- /* If the public key length is 0 then it hasn't been loaded */
- if (attestation_public_key_len == 0) {
- return PSA_ATTEST_ERR_GENERAL;
- }
-
- *public_key = attestation_public_key;
- *public_key_len = attestation_public_key_len;
- *public_key_curve = attestation_key_curve;
-
- return PSA_ATTEST_ERR_SUCCESS;
-}
-
/*!
* \brief Static function to calculate instance id.
*
@@ -171,15 +153,10 @@ static enum psa_attest_err_t attest_calc_instance_id(void)
{
psa_status_t crypto_res;
enum psa_attest_err_t attest_res;
- uint8_t *public_key;
- size_t key_len;
psa_ecc_family_t psa_curve;
psa_hash_operation_t hash = psa_hash_operation_init();
- attest_res = attest_get_initial_attestation_public_key(&public_key,
- &key_len,
- &psa_curve);
- if (attest_res != PSA_ATTEST_ERR_SUCCESS) {
+ if (!attestation_public_key_len) {
return PSA_ATTEST_ERR_CLAIM_UNAVAILABLE;
}
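Review bot: `attest_res` and `psa_curve` look unused after this change, because the only assignment to `attest_res` and the only reference to `psa_curve` visible in this hunk were in the removed call to `attest_get_initial_attestation_public_key()`. `attest_calc_instance_id()` continues past the hunk, so confirm against the rest of the body; if nothing else uses them, both declarations should be dropped to avoid unused-variable warnings. The new guard would read more clearly as `if (attestation_public_key_len == 0) {`, matching the comparison in the removed getter. Its comment `/* If the public key length is 0 then it hasn't been loaded */` is worth carrying over, since this check is now the only thing stating that the file-scope key buffer is valid only once the length is non-zero.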
@@ -188,7 +165,8 @@ static enum psa_attest_err_t attest_calc_instance_id(void)
return PSA_ATTEST_ERR_CLAIM_UNAVAILABLE;
}
- crypto_res = psa_hash_update(&hash, public_key, key_len);
+ crypto_res = psa_hash_update(&hash, attestation_public_key,
+ attestation_public_key_len);
if (crypto_res != PSA_SUCCESS) {
return PSA_ATTEST_ERR_CLAIM_UNAVAILABLE;
}
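Review bot: The failure path right after the rewritten `psa_hash_update()` call returns without releasing the hash operation that was set up earlier in the function. The PSA Crypto API expects an operation that fails after setup to be reset, so `psa_hash_abort(&hash);` should precede `return PSA_ATTEST_ERR_CLAIM_UNAVAILABLE;` here. This predates the commit, but the call is being touched, and the same probably applies to any later finish step, which is outside the hunk. The function starts and ends outside this hunk, so check whether a shared cleanup path already exists before adding one.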
diff --git a/secure_fw/partitions/initial_attestation/attest_core.c b/secure_fw/partitions/initial_attestation/attest_core.c
index 7a43b0067..9d7558c1c 100644
--- a/secure_fw/partitions/initial_attestation/attest_core.c
+++ b/secure_fw/partitions/initial_attestation/attest_core.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -904,65 +904,3 @@ initial_attest_get_token_size(const psa_invec *in_vec, uint32_t num_invec,
error:
return error_mapping_to_psa_status_t(attest_err);
}
-
-#ifdef SYMMETRIC_INITIAL_ATTESTATION
-psa_status_t
-initial_attest_get_public_key(const psa_invec *in_vec, uint32_t num_invec,
- psa_outvec *out_vec, uint32_t num_outvec)
-{
- (void)in_vec;
- (void)num_invec;
- (void)out_vec;
- (void)num_outvec;
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-#else /* SYMMETRIC_INITIAL_ATTESTATION */
-psa_status_t
-initial_attest_get_public_key(const psa_invec *in_vec, uint32_t num_invec,
- psa_outvec *out_vec, uint32_t num_outvec)
-{
- enum psa_attest_err_t attest_err = PSA_ATTEST_ERR_SUCCESS;
- struct q_useful_buf key_buffer;
- uint8_t *key_source;
- size_t key_len;
- psa_ecc_family_t curve_type;
-
- (void)in_vec;
-
- if (num_invec != 0 || num_outvec != 3) {
- attest_err = PSA_ATTEST_ERR_INVALID_INPUT;
- goto error;
- }
-
- key_buffer.ptr = out_vec[0].base;
- key_buffer.len = out_vec[0].len;
-
- if (out_vec[1].len != sizeof(curve_type) ||
- out_vec[2].len != sizeof(key_len)) {
- attest_err = PSA_ATTEST_ERR_INVALID_INPUT;
- goto error;
- }
-
- attest_err = attest_get_initial_attestation_public_key(&key_source,
- &key_len,
- &curve_type);
- if (attest_err != PSA_ATTEST_ERR_SUCCESS) {
- goto error;
- }
-
- if (key_buffer.len < key_len) {
- attest_err = PSA_ATTEST_ERR_BUFFER_OVERFLOW;
- goto error;
- }
-
- (void)tfm_memcpy(key_buffer.ptr, key_source, key_len);
-
- *(psa_ecc_family_t *)out_vec[1].base = curve_type;
-
- *(size_t *)out_vec[2].base = key_len;
-
-error:
- return error_mapping_to_psa_status_t(attest_err);
-}
-#endif /* SYMMETRIC_INITIAL_ATTESTATION */
diff --git a/secure_fw/partitions/initial_attestation/attest_key.h b/secure_fw/partitions/initial_attestation/attest_key.h
index a1d7cd4f1..5a4f9b5ef 100644
--- a/secure_fw/partitions/initial_attestation/attest_key.h
+++ b/secure_fw/partitions/initial_attestation/attest_key.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -68,23 +68,6 @@ attest_get_signing_key_handle(psa_key_handle_t *key_handle);
enum psa_attest_err_t
attest_get_instance_id(struct q_useful_buf_c *id_buf);
-/**
- * \brief Get the public key derived from the initial attestation private key.
- *
- * \param[out] public_key Pointer to public key buffer.
- * \param[out] public_key_len Size of public key in bytes.
- * \param[out] public_key_curve Type of the curve that is used in the public
- * key.
- *
- * \retval PSA_ATTEST_ERR_SUCCESS Public key was successfully returned.
- * \retval PSA_ATTEST_ERR_GENERAL Public key could not be returned.
- */
-
-enum psa_attest_err_t
-attest_get_initial_attestation_public_key(uint8_t **public_key,
- size_t *public_key_len,
- psa_ecc_family_t *public_key_curve);
-
#ifdef INCLUDE_COSE_KEY_ID
/**
* \brief Get the attestation key ID.
diff --git a/secure_fw/partitions/initial_attestation/tfm_attest_req_mngr.c b/secure_fw/partitions/initial_attestation/tfm_attest_req_mngr.c
index c2fdbd4b6..dc14e4143 100644
--- a/secure_fw/partitions/initial_attestation/tfm_attest_req_mngr.c
+++ b/secure_fw/partitions/initial_attestation/tfm_attest_req_mngr.c
@@ -98,43 +98,6 @@ static psa_status_t psa_attest_get_token_size(const psa_msg_t *msg)
return status;
}
-static psa_status_t tfm_attest_get_public_key(const psa_msg_t *msg)
-{
- psa_status_t status = PSA_SUCCESS;
- uint8_t key_buf[ECC_P256_PUBLIC_KEY_SIZE];
- size_t key_len;
- psa_ecc_family_t curve_type;
-
- psa_outvec out_vec[] = {
- {.base = key_buf, .len = sizeof(key_buf)},
- {.base = &curve_type, .len = sizeof(curve_type)},
- {.base = &key_len, .len = sizeof(key_len)}
- };
-
- if (msg->out_size[1] != out_vec[1].len ||
- msg->out_size[2] != out_vec[2].len) {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
-
- /* Store the client ID here for later use in service. */
- g_attest_caller_id = msg->client_id;
-
- status = initial_attest_get_public_key(NULL, 0,
- out_vec, IOVEC_LEN(out_vec));
-
- if (msg->out_size[0] < key_len) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- if (status == PSA_SUCCESS) {
- psa_write(msg->handle, 0, key_buf, key_len);
- psa_write(msg->handle, 1, &curve_type, out_vec[1].len);
- psa_write(msg->handle, 2, &key_len, out_vec[2].len);
- }
-
- return status;
-}
-
/*
* Fixme: Temporarily implement abort as infinite loop,
* will replace it later.
@@ -186,9 +149,6 @@ psa_status_t attest_partition_init(void)
} else if (signals & TFM_ATTEST_GET_TOKEN_SIZE_SIGNAL) {
attest_signal_handle(TFM_ATTEST_GET_TOKEN_SIZE_SIGNAL,
psa_attest_get_token_size);
- } else if (signals & TFM_ATTEST_GET_PUBLIC_KEY_SIGNAL) {
- attest_signal_handle(TFM_ATTEST_GET_PUBLIC_KEY_SIGNAL,
- tfm_attest_get_public_key);
} else {
tfm_abort();
}
diff --git a/secure_fw/partitions/initial_attestation/tfm_attest_secure_api.c b/secure_fw/partitions/initial_attestation/tfm_attest_secure_api.c
index 8b0e6ee77..52744ed6d 100644
--- a/secure_fw/partitions/initial_attestation/tfm_attest_secure_api.c
+++ b/secure_fw/partitions/initial_attestation/tfm_attest_secure_api.c
@@ -86,38 +86,3 @@ psa_initial_attest_get_token_size(size_t challenge_size,
return status;
}
-
-psa_status_t
-tfm_initial_attest_get_public_key(uint8_t *public_key,
- size_t public_key_buf_size,
- size_t *public_key_len,
- psa_ecc_family_t *elliptic_curve_type)
-{
- psa_status_t status;
-
- psa_outvec out_vec[] = {
- {.base = public_key, .len = public_key_buf_size},
- {.base = elliptic_curve_type, .len = sizeof(*elliptic_curve_type)},
- {.base = public_key_len, .len = sizeof(*public_key_len)}
- };
-
-#ifdef TFM_PSA_API
- psa_handle_t handle = PSA_NULL_HANDLE;
-
- handle = psa_connect(TFM_ATTEST_GET_PUBLIC_KEY_SID,
- TFM_ATTEST_GET_PUBLIC_KEY_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_HANDLE_TO_ERROR(handle);
- }
-
- status = psa_call(handle, PSA_IPC_CALL,
- NULL, 0,
- out_vec, IOVEC_LEN(out_vec));
- psa_close(handle);
-#else
- status = tfm_initial_attest_get_public_key_veneer(NULL, 0,
- out_vec, IOVEC_LEN(out_vec));
-#endif
-
- return status;
-}
diff --git a/secure_fw/partitions/initial_attestation/tfm_initial_attestation.yaml b/secure_fw/partitions/initial_attestation/tfm_initial_attestation.yaml
index bc44f8f49..d50bb80ed 100644
--- a/secure_fw/partitions/initial_attestation/tfm_initial_attestation.yaml
+++ b/secure_fw/partitions/initial_attestation/tfm_initial_attestation.yaml
@@ -1,5 +1,5 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+# Copyright (c) 2018-2021, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -29,14 +29,6 @@
"version": 1,
"version_policy": "STRICT"
},
- {
- "name": "TFM_ATTEST_GET_PUBLIC_KEY",
- "signal": "INITIAL_ATTEST_GET_PUBLIC_KEY",
- "sid": "0x00000022",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- }
],
"services": [
{
@@ -53,13 +45,6 @@
"version": 1,
"version_policy": "STRICT"
},
- {
- "name": "TFM_ATTEST_GET_PUBLIC_KEY",
- "sid": "0x00000022",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- }
],
"dependencies": [
"TFM_CRYPTO"